sub_outside():
NTDLL.RtlGetLastWin32Error
KERNEL32.GetVersion
KERNEL32.IsBadWritePtr
KERNEL32.GetCurrentThreadId
KERNEL32.IsDebuggerPresent
KERNEL32.GetProcessHeap
KERNEL32.GetTickCount
KERNEL32.GetCurrentProcessId
KERNEL32.GlobalFindAtomA
KERNEL32.GlobalDeleteAtom
|
sub_403883(00d4):
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.GlobalAddAtomA
|
sub_405636(013f):
NTDLL.RtlGetLastWin32Error
KERNEL32.IsDebuggerPresent
KERNEL32.LocalFree
KERNEL32.lstrlenA
KERNEL32.LocalAlloc
KERNEL32.GetTempPathA
KERNEL32.GetProcessHeap
KERNEL32.GetTickCount
KERNEL32.GetVersion
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.CloseHandle
"8_|9t"
"BLX"
" YeQI"
|
sub_401D0D(0444):
KERNEL32.GetProcessHeap
KERNEL32.GetTickCount
KERNEL32.IsDebuggerPresent
KERNEL32.GetCurrentThreadId
KERNEL32.GetVersion
"~ /rG"
"O"
|
sub_40439D(06bd):
KERNEL32.GetCurrentThreadId
KERNEL32.WriteFile
KERNEL32.CloseHandle
KERNEL32.WinExec
"œϣœ"
|
sub_40876A(0754):
KERNEL32.VirtualAlloc
|
sub_4024CB(07e2):
KERNEL32.GetTickCount
KERNEL32.GetCurrentThreadId
|
sub_406980(094f):
KERNEL32.IsDebuggerPresent
NTDLL.RtlGetLastWin32Error
KERNEL32.GetVersion
KERNEL32.GetCurrentProcessId
"{9BA05972-F6A8-11CF-A442-00A0C90A8F39}"
|
sub_40815F(0b9f):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCurrentThreadId
KERNEL32.GetProcessHeap
KERNEL32.CreateFileA
KERNEL32.SetFilePointer
KERNEL32.WriteFile
KERNEL32.CloseHandle
"8Fr8!#"
"m:K!< j"
"g+V3S "
|
sub_4051C3(0f93):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCurrentProcessId
KERNEL32.OpenProcess
ADVAPI32.OpenProcessToken
KERNEL32.CloseHandle
KERNEL32.GetCurrentThreadId
KERNEL32.LocalAlloc
ADVAPI32.GetTokenInformation
KERNEL32.GetVersion
KERNEL32.LocalFree
|
sub_408472(134a):
KERNEL32.GetCurrentProcessId
KERNEL32.GetSystemDirectoryA
KERNEL32.GetCurrentThreadId
KERNEL32.CreateFileA
KERNEL32.GetFileTime
KERNEL32.SetFileTime
KERNEL32.CloseHandle
"LUVIa"
|
sub_409883(135c):
KERNEL32.GetCurrentProcessId
KERNEL32.GetTickCount
KERNEL32.IsDebuggerPresent
KERNEL32.GetCurrentThreadId
NTDLL.RtlGetLastWin32Error
KERNEL32.GetVersion
KERNEL32.DeleteFileA
KERNEL32.GetProcessHeap
KERNEL32.CreateFileA
KERNEL32.GetFileSize
KERNEL32.CloseHandle
KERNEL32.GetSystemDirectoryA
KERNEL32.GetWindowsDirectoryA
KERNEL32.WinExec
KERNEL32.LocalFree
"O 8."
"oac-Pl"
" +W9"
" vY v+adq"
"C:\\WINDOWS\\system32"
"mqqu?** v"
"*"
"*rdfh+umu"
"Vjcqrdw`YHlfwjvjcqYRlkajrv"
"lcf"
":lcf8 p"
" ZIs8"
"t"
"KKQHOOK"
"KA"
"Vjcqrdw`YHlfwjvjcqYRlkajrv"
"lcf"
"~H:!e"
"ruvq%"
"Q1^Q!5k"
"ofstkkq"
"Software\\Microsoft\\Windows"
" vY v+adq"
"C:\\WINDOWS\\system32"
"t"
"KKQHOOK"
"1G"
"ofstkkq"
"Software\\Microsoft\\Windows"
",kd"
"ofstkkqc"
"Software\\Microsoft\\Windows"
"zN7?>"
" vY v+qhu"
"C:\\WINDOWS\\system32"
"t"
"KKQHOOK"
"ofstkkqc"
"Software\\Microsoft\\Windows"
":ahu87"
" vY v+adq"
"C:\\WINDOWS\\system32"
"t"
"KKQHOOK"
"`<$8a5!"
"%0N"
" v%*F% v"
"rpua%"
" vY v+adq"
"C:\\WINDOWS\\system32"
"|Vchc$V"
"}a7"
"t"
"k`rs`w"
" Wc"
|
sub_40355C(13a4):
KERNEL32.GetVersion
KERNEL32.GlobalFindAtomA
KERNEL32.GetCurrentProcessId
KERNEL32.GlobalDeleteAtom
"pFoE#K"
|
sub_4028B9(1523):
KERNEL32.GetCurrentThreadId
KERNEL32.GetCurrentProcessId
KERNEL32.GetTickCount
"b_HiR"
"$n*-TE "
|
sub_407F34(19b5):
KERNEL32.GetCurrentThreadId
KERNEL32.GetVersion
KERNEL32.GetProcessHeap
|
sub_4016D2(2413):
NTDLL.RtlGetLastWin32Error
|
sub_4052F4(258a):
KERNEL32.CreateFileA
KERNEL32.GetTickCount
KERNEL32.SetFilePointer
KERNEL32.GetVersion
KERNEL32.WriteFile
NTDLL.RtlGetLastWin32Error
KERNEL32.CloseHandle
"j~3 c7"
";i '&"
|
sub_408E57(25ca):
USER32.GetWindow
USER32.GetClassNameA
KERNEL32.GetCurrentThreadId
"qY3 `"
|
sub_404DE3(2992):
KERNEL32.GetProcessHeap
KERNEL32.GetCurrentProcessId
"ٌ"
"O+Vunh"
"ʌ"
"ʇ"
"ʐ"
"ʃ"
"ن"
"ʆ"
" X c6L="
""
|
sub_40B090(2c0a):
KERNEL32.GetVersion
USER32.GetWindowRect
KERNEL32.GetTickCount
USER32.MoveWindow
USER32.PostQuitMessage
USER32.DestroyWindow
KERNEL32.GetProcessHeap
KERNEL32.GetCurrentThreadId
GDI32.SetTextColor
GDI32.SetBkColor
GDI32.CreateBrushIndirect
USER32.GetWindowTextA
USER32.MessageBoxA
KERNEL32.GetCurrentProcessId
USER32.SetFocus
KERNEL32.CreateFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.SetFilePointer
KERNEL32.WriteFile
KERNEL32.IsDebuggerPresent
KERNEL32.CloseHandle
USER32.ShowWindow
USER32.DefWindowProcA
"#GRA"
"AjfJgo`fq"
"@}uijw`w"
" v"
"Ui`dv`)%v`i`fq%@}ulwdqljk%Hjkqm"
" v% v"
"Ui`dv`)%v`i`fq%@}ulwdqljk%\\`dw"
" v( v"
" v% v"
|
sub_405004(3648):
KERNEL32.GetTickCount
ADVAPI32.GetSidIdentifierAuthority
KERNEL32.GetCurrentProcessId
ADVAPI32.GetSidSubAuthorityCount
USER32.wsprintfA
KERNEL32.IsDebuggerPresent
ADVAPI32.GetSidSubAuthority
KERNEL32.GetVersion
"ؑ"
"G84rg"
"ؑ"
"ؑ"
|
sub_40692F(3b96):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetProcessHeap
|
sub_402AD6(3e38):
KERNEL32.GetVersion
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
KERNEL32.GetProcessHeap
KERNEL32.GetTickCount
NTDLL.RtlGetLastWin32Error
KERNEL32.IsBadReadPtr
KERNEL32.GlobalMemoryStatus
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.CloseHandle
KERNEL32.GetModuleHandleA
NTDLL.RtlZeroMemory
KERNEL32.VirtualQuery
".jYP"
"= ;v4R7"
" ox $"
"kernel32.dll"
|
sub_408884(421a):
KERNEL32.GetTickCount
NTDLL.RtlZeroMemory
NTDLL.RtlGetLastWin32Error
"Ff3? b"
".LpBL"
"H,CwUL"
|
sub_404D86(42f9):
"ِ"
|
sub_408860(459d):
KERNEL32.GetCurrentProcessId
NTDLL.RtlGetLastWin32Error
|
sub_402246(47e0):
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.GetCurrentThreadId
"ntdll.dll"
"RtlInitUnicodeString"
"NtUnmapViewOfSection"
"4EFo@g^"
"NtMapViewOfSection"
"RtlNtStatusToDosError"
|
sub_4015B0(4d93):
KERNEL32.GetCurrentProcessId
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
KERNEL32.GetProcessHeap
ADVAPI32.RegCloseKey
NTDLL.RtlGetLastWin32Error
|
sub_405F5E(5628):
KERNEL32.GetProcessHeap
KERNEL32.GetVersion
KERNEL32.GetCurrentThreadId
NTDLL.RtlGetLastWin32Error
KERNEL32.IsDebuggerPresent
KERNEL32.GetCurrentProcessId
"@WFed0"
"k`Po"
":&/=>(;,5$"
"X_YX"
"X_YX"
"X_YX"
"X_YX"
"G-,/(<%=5:&/=>(;,5$"
|
sub_40256D(590a):
KERNEL32.GetCurrentThreadId
KERNEL32.GetCurrentProcessId
NTDLL.RtlGetLastWin32Error
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.IsDebuggerPresent
"ym SU _"
|
sub_40470D(616b):
KERNEL32.GetCurrentThreadId
KERNEL32.GetCurrentProcessId
KERNEL32.GetVersion
KERNEL32.IsDebuggerPresent
KERNEL32.GetTickCount
""
""
""
""
"&:; lw"
""
|
sub_404BA0(6201):
KERNEL32.GetCurrentProcessId
""
""
" hS "
""
"ه"
|
sub_40247C(63b4):
KERNEL32.GetVersion
KERNEL32.IsDebuggerPresent
|
sub_401B83(64d1):
KERNEL32.lstrlenA
KERNEL32.IsDebuggerPresent
"gx%K"
"jV"
"'lkW"
":|"
|
sub_403D18(67bb):
KERNEL32.GetCurrentThreadId
KERNEL32.GetProcessHeap
NTDLL.RtlGetLastWin32Error
KERNEL32.CreateFileA
KERNEL32.IsDebuggerPresent
KERNEL32.WriteFile
KERNEL32.GetCurrentProcessId
KERNEL32.CloseHandle
KERNEL32.GetTickCount
"IW' KA"
"R6"
"Z0LNYh?"
"v6l"
"C:\\WINDOWS\\system32"
"Ea#0 I"
|
sub_4040BF(6885):
ADVAPI32.RegCreateKeyExA
KERNEL32.GetProcessHeap
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
|
sub_40107A(6c44):
NTDLL.RtlUnwind
|
sub_40538B(6dc9):
KERNEL32.GetVersion
KERNEL32.GetCurrentThreadId
WININET.FindFirstUrlCacheEntryA
KERNEL32.IsDebuggerPresent
WININET.FindNextUrlCacheEntryA
KERNEL32.GetProcessHeap
",4Ct"
|
sub_40409A(6f56):
KERNEL32.GetCurrentProcessId
"N,"
|
sub_408C55(725d):
KERNEL32.GetVersion
KERNEL32.GetCurrentThreadId
KERNEL32.GetProcessHeap
KERNEL32.ExpandEnvironmentStringsA
KERNEL32.GetTickCount
KERNEL32.CreateProcessA
KERNEL32.CloseHandle
KERNEL32.TerminateProcess
"tEPL"
"Ht@zSo"
"7R "
" "
|
sub_404313(725d):
KERNEL32.GetCurrentThreadId
KERNEL32.DeleteFileA
KERNEL32.GetTickCount
KERNEL32.CreateFileA
""
"ڌꠄœގꠉœ"...
|
sub_408EFF(7278):
KERNEL32.GetCurrentThreadId
KERNEL32.GetTickCount
USER32.ShowWindow
NTDLL.RtlGetLastWin32Error
USER32.GetWindowRect
KERNEL32.IsDebuggerPresent
USER32.CreateWindowExA
KERNEL32.GetVersion
GDI32.CreateFontA
USER32.SendMessageA
KERNEL32.GetProcessHeap
KERNEL32.GetCurrentProcessId
USER32.GetWindowLongA
USER32.SetWindowLongA
USER32.SetFocus
"AjfJgo`fq"
"@}uijw`w"
"KKQHOOK"
"VQDQLF"
"VQDQLF"
"FJHGJGJ]"
"FJHGJGJ]"
" +7p"
"75 +7p"
"VQDQLF"
"\\jpw%fdwa%kphg`w"
"KG H^"
"VQDQLF"
"@}ulwdqljk%adq`"
"VQDQLF"
"DQH%ULK(Fja`"
"VQDQLF"
"VQDQLF"
"Ui`dv`%hdn`%fjww`fqljkv%dka%qw|%dbdlk+"
"z "
"@ALQ"
"@ALQ"
"GPQQJK"
"Filfn%Jkf`%Qj%Fjkqlkp`"
"WVqr^:Q"
|
sub_404590(7677):
KERNEL32.GetVersion
"blind_user"
|
sub_40369B(77d9):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCurrentThreadId
KERNEL32.GetProcessHeap
|
sub_408581(8146):
KERNEL32.GetVersion
NTDLL.RtlGetLastWin32Error
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.CloseHandle
KERNEL32.GetCurrentProcessId
KERNEL32.GetSystemDirectoryA
KERNEL32.DeleteFileA
KERNEL32.WinExec
"c:\\boot.sys"
":zH="
"0Vm |I"
"MZ"
|
sub_4017D2(8426):
KERNEL32.GetTickCount
NTDLL.RtlGetLastWin32Error
KERNEL32.GetProcessHeap
"D Jy"
|
sub_40C3D8(8c45):
KERNEL32.GetCommandLineA
KERNEL32.GetModuleHandleA
|
sub_4022E4(8d7e):
KERNEL32.GetTickCount
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCurrentThreadId
ADVAPI32.GetSecurityInfo
ADVAPI32.SetEntriesInAclA
KERNEL32.IsDebuggerPresent
ADVAPI32.SetSecurityInfo
KERNEL32.GetVersion
KERNEL32.CloseHandle
"\\device\\physicalmemory"
"CURRENT_USER"
|
sub_401A43(8ff5):
KERNEL32.GetProcessHeap
KERNEL32.CreateFileA
KERNEL32.GetCurrentProcessId
KERNEL32.GetFileSize
KERNEL32.LocalAlloc
KERNEL32.ReadFile
KERNEL32.IsDebuggerPresent
KERNEL32.CloseHandle
|
sub_406D91(92b6):
KERNEL32.GetVersion
USER32.GetForegroundWindow
KERNEL32.GetProcessHeap
KERNEL32.GetCurrentThreadId
KERNEL32.IsDebuggerPresent
NTDLL.RtlGetLastWin32Error
KERNEL32.GetTickCount
KERNEL32.GetCurrentProcessId
"value"
"name"
"6Ux6"
"tRO,_"
" vo4|"
"a&vY"
"zA6:c"
" f>"
"ǭߥؾ"
"ߥحߥؾ"
"jETH#"
"kQ"
"gG',"
"EQf8"
"#JQS$ "
"h7A6/"
"غ"
""
""
"Y;"
""
|
sub_4068E8(92e6):
KERNEL32.IsDebuggerPresent
KERNEL32.lstrlenW
KERNEL32.WideCharToMultiByte
NTDLL.RtlGetLastWin32Error
|
sub_401320(a02e):
KERNEL32.GetTickCount
KERNEL32.CreateFileA
KERNEL32.ReadFile
KERNEL32.CloseHandle
KERNEL32.GetVersion
NTDLL.RtlGetLastWin32Error
"l iMn "
|
sub_404502(a347):
KERNEL32.GetProcessHeap
KERNEL32.GetVersion
KERNEL32.GetCurrentThreadId
USER32.GetThreadDesktop
KERNEL32.GetTickCount
USER32.CreateDesktopA
USER32.SetThreadDesktop
"blind_user"
|
sub_401490(a35f):
KERNEL32.GetCurrentProcessId
NTDLL.RtlGetLastWin32Error
ADVAPI32.RegOpenKeyExA
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
|
sub_408A4F(a58c):
KERNEL32.GetProcessHeap
KERNEL32.GetTickCount
KERNEL32.IsDebuggerPresent
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCurrentProcessId
"4 |
sub_404657(a5a2):
"|@rVA2g"
"SF="
" 1"
""
|
sub_404970(ab47):
KERNEL32.GetCurrentThreadId
KERNEL32.GetTickCount
KERNEL32.GetProcessHeap
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCurrentProcessId
"d~q |
sub_4062A9(af31):
NTDLL.RtlGetLastWin32Error
KERNEL32.InterlockedIncrement
KERNEL32.IsDebuggerPresent
KERNEL32.LocalFree
KERNEL32.GetTickCount
KERNEL32.GetProcessHeap
KERNEL32.ExpandEnvironmentStringsA
KERNEL32.GetCurrentProcessId
KERNEL32.CreateProcessA
KERNEL32.CloseHandle
KERNEL32.GetCurrentThreadId
USER32.FindWindowA
KERNEL32.Sleep
USER32.GetWindowTextA
KERNEL32.CopyFileA
KERNEL32.DeleteFileA
KERNEL32.lstrlenA
KERNEL32.TerminateProcess
"L-o-5 "
"yvlSzz"
"- |