_WinMain16():
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateThread
	KERNEL32.SetFileAttributesA

sub_401868(15ae):
	KERNEL32.CreateFileA
	KERNEL32.GetFileSize
	KERNEL32.ReadFile

	"kari"

sub_40194D(4af1):
	ADVAPI32.GetUserNameA

	"USER"
	"CurrentUser"

sub_401854(5d2d):
	KERNEL32.ResumeThread

sub_4019D8(65f5):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.GetCurrentProcess
	KERNEL32.ReadProcessMemory

	"CreateProcessA"
	"KERNEL32.dll"

sub_405885(9db0):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"SetThreadContext"
	"kernel32.dll"

sub_4058A2(9db0):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"NtUnmapViewOfSection"
	"ntdll.dll"

sub_405868(9db0):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress

	"ReadProcessMemory"
	"kernel32.dll"

sub_4016ED(abc1):
	KERNEL32.VirtualProtectEx
	NTDLL.ZwUnmapViewOfSection
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	KERNEL32.SetThreadContext

	"WriteProcessMemory"
	"kernel32.dll"

StartAddress(c986):
	USER32.SendMessageA

	"Windows Security Alert"
	"BitDefender Firewall Alert"

sub_4015FA(d326):
	KERNEL32.VirtualQueryEx

sub_4019A8(e292):
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle

	"\\\\.\\NTICE"

sub_401000(fab4):
	KERNEL32.LoadLibraryA
	KERNEL32.FreeLibrary

	"ntdll.dll"
	"RtlDecompressBuffer"
	"RtlGetCompressionWorkSpaceSize"

sub_401612(fc6d):
	KERNEL32.CreateProcessA
	KERNEL32.GetThreadContext
	KERNEL32.ReadProcessMemory
	USER32.MessageBoxA

	"ytryi90ue turet sret	trshgfdjh gfdhfdg"
	"gsfdgsfdgsfdgretsfdhgsfdhgfd"