sub_outside():
KERNEL32.IsDebuggerPresent
KERNEL32.GetProcessHeap
KERNEL32.GetCurrentThreadId
KERNEL32.GlobalFindAtomA
NTDLL.RtlGetLastWin32Error
KERNEL32.GlobalDeleteAtom
|
sub_4087BF(052f):
KERNEL32.VirtualFree
|
sub_4035A9(11cb):
KERNEL32.IsDebuggerPresent
NTDLL.RtlGetLastWin32Error
KERNEL32.GlobalFindAtomA
KERNEL32.GetCurrentProcessId
KERNEL32.GlobalDeleteAtom
|
sub_402355(14fb):
KERNEL32.GetProcessHeap
KERNEL32.GetTickCount
KERNEL32.GetCurrentProcessId
KERNEL32.GetVersion
ADVAPI32.GetSecurityInfo
ADVAPI32.SetEntriesInAclA
ADVAPI32.SetSecurityInfo
KERNEL32.CloseHandle
"\\device\\physicalmemory"
"CURRENT_USER"
|
sub_405217(1ced):
KERNEL32.GetCurrentProcessId
KERNEL32.OpenProcess
KERNEL32.GetProcessHeap
ADVAPI32.OpenProcessToken
KERNEL32.CloseHandle
KERNEL32.LocalAlloc
ADVAPI32.GetTokenInformation
KERNEL32.LocalFree
KERNEL32.GetCurrentThreadId
KERNEL32.IsDebuggerPresent
|
sub_402B12(213a):
KERNEL32.GetProcessHeap
KERNEL32.GetVersion
KERNEL32.LoadLibraryA
KERNEL32.GetProcAddress
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCurrentProcessId
KERNEL32.IsBadReadPtr
KERNEL32.GetTickCount
KERNEL32.GlobalMemoryStatus
KERNEL32.CloseHandle
KERNEL32.GetModuleHandleA
KERNEL32.IsDebuggerPresent
NTDLL.RtlZeroMemory
"`r_0"
"QYG6"
"#h<@D8u"
"kernel32.dll"
|
sub_40A4E2(256e):
KERNEL32.GetSystemDirectoryA
KERNEL32.GetVersion
KERNEL32.CreateFileA
KERNEL32.CloseHandle
KERNEL32.GlobalAddAtomA
KERNEL32.GetCurrentProcessId
KERNEL32.GetVersionExA
KERNEL32.GetProcessHeap
NTDLL.RtlGetLastWin32Error
KERNEL32.GetTickCount
KERNEL32.IsDebuggerPresent
KERNEL32.GetModuleFileNameA
KERNEL32.GetCurrentThreadId
KERNEL32.CopyFileA
KERNEL32.WinExec
KERNEL32.ExitProcess
KERNEL32.GetWindowsDirectoryA
USER32.LoadCursorA
USER32.LoadIconA
GDI32.GetStockObject
USER32.RegisterClassA
USER32.CreateWindowExA
KERNEL32.CreateMutexA
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.CreateThread
USER32.SetTimer
USER32.TranslateMessage
USER32.DispatchMessageA
USER32.GetMessageA
"C-qT~V"
"d 9u5"
"¬”‚™†•‚ƒ¬ž”™ƒ‚”Þƒ‰ƒ"
"•ž‘’œ•”ƒ–"
"+SƒL"
"C:\\WINDOWS\\system32"
"KKQHOOK"
"Software\\Microsoft\\Windows"
"!‚*SL"
"&R:L"
"Õƒ¬ÕƒÞ•ˆ•"
"C:\\WINDOWS\\system32"
"82Q0vu "
"KKQHOOK"
"Software\\Microsoft\\Windows"
"Õƒ¬Õƒ"
"kkq32.dll"
"C:\\WINDOWS\\system32"
"Õƒ¬Õƒ"
"dnkkq.dll"
"C:\\WINDOWS\\system32"
"Õƒ¬Õƒ"
"datkkq32.dll"
"C:\\WINDOWS\\system32"
"DSH.i"
"¬’ŸŸ„Þƒ‰ƒ"
"KKQHOOK"
"X."
"KKQHOOK"
"KKQHOOK"
"KKQHOOK_28"
"%gp&"
"›•‚ž•œÃÂÞ”œœ"
"¢•—™ƒ„•‚£•‚†™“• ‚Ÿ“•ƒƒ"
" F"
"£Ÿ–„‡‘‚•¬½™“‚ŸƒŸ–„¬§™ž”Ÿ‡ƒ¬³…‚‚•ž„¦•‚ƒ™"...
"»"
"O?g‚"
"¦"
"³¼£¹´¬Õƒ¬¹ž ‚Ÿ“£•‚†•‚ÃÂ"
|
sub_4056EE(2689):
KERNEL32.GetCurrentThreadId
KERNEL32.GetCurrentProcessId
KERNEL32.LocalFree
KERNEL32.lstrlenA
KERNEL32.LocalAlloc
KERNEL32.GetTickCount
KERNEL32.GetTempPathA
NTDLL.RtlGetLastWin32Error
KERNEL32.IsDebuggerPresent
KERNEL32.GetVersion
KERNEL32.GetProcessHeap
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.CloseHandle
"q<"
"R1|`"
"‰ÏÓÊ"
"%.m%u2"
"›ÏÓÊË™"
"›ÏÂÆÙ"
"›ÓÎÓË™‚Ô‚Ò›ˆÓÎÓË™"
"›ˆÏÂÆÙ"
"›ÅÈÃÞ™"
"M=z>w"
"r I^^€b"
"Á‚‰”Ò"
"›ÎÉ×ÒÓ‡ÓÞך…ÂÃÎÓ…‡ÑÆËÒš€‚Ò€‡ÉÆÊš€Æ€™"...
"‚Ô‚Ä‚Ä"
"›ÎÉ×ÒÓ‡ÓÞך…ÂÃÎÓ…‡ÑÆËÒš€‚Ô€‡ÉÆÊš€‚Ô‚"...
"‚ÔÛ"
"F#=e "
"›ÎÉ×ÒÓ‡ÓÞך…ÂÃÎÓ…‡ÑÆËÒš€‚Ô€‡ÉÆÊš€‚Ô‚"...
"›ÎÉ×ÒÓ‡ÓÞך…ÔÒÅÊÎÓ…‡ÑÆËÒš€€™"
"›ˆÁÈÕÊ™"
"›ÔÄÕÎ×Ó™"
" ymkm&"
"‚Ä‚‰•Ò"
"ÁÒÉÄÓÎÈɇ‚ÔŽÜ"
"ÃÈÄÒÊÂÉÓ‰‚Ô‰ÔÒÅÊÎÓŽœ"
"%W*ƒ"
"›ˆÔÄÕÎ×Ó™"
"›ˆÅÈÃÞ™"
"›ˆÏÓÊË™"
"TcUrf"
|
sub_40849F(2a54):
KERNEL32.GetSystemDirectoryA
KERNEL32.GetTickCount
KERNEL32.CreateFileA
KERNEL32.GetFileTime
KERNEL32.SetFileTime
KERNEL32.CloseHandle
"fj:."
"s+HQ-ZT"
"\x1B,\"5)\"+tui#++"
|
sub_4038D6(2d63):
KERNEL32.IsDebuggerPresent
KERNEL32.GetCurrentProcessId
KERNEL32.GlobalAddAtomA
"¡›"
|
sub_4088C3(340e):
KERNEL32.GetCurrentProcessId
NTDLL.RtlZeroMemory
KERNEL32.GetProcessHeap
KERNEL32.GetCurrentThreadId
"s91RNDU"
" KSh/4"
|
sub_403AC7(375b):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetSystemDirectoryA
KERNEL32.GetVolumeInformationA
"+>6V"
|
sub_40A482(3785):
NTDLL.RtlGetLastWin32Error
KERNEL32.OpenMutexA
KERNEL32.CloseHandle
"KKQHOOK_28"
|
sub_40403C(3886):
KERNEL32.WriteFile
KERNEL32.GetVersion
KERNEL32.CloseHandle
"MB]GJR+}RG`^|am]k|xk|=<"
|
sub_4024F3(3890):
KERNEL32.GetTickCount
"z9Daw"
|
sub_404602(3b71):
KERNEL32.GetProcessHeap
KERNEL32.GetCurrentThreadId
USER32.GetThreadDesktop
USER32.CreateDesktopA
KERNEL32.IsDebuggerPresent
USER32.SetThreadDesktop
"blind_user"
|
sub_405368(427a):
KERNEL32.CreateFileA
KERNEL32.GetProcessHeap
KERNEL32.SetFilePointer
KERNEL32.WriteFile
KERNEL32.GetVersion
KERNEL32.CloseHandle
KERNEL32.GetTickCount
"a`rc"
|
sub_40409C(447a):
"Zf|kojg`iCajkb"
"O~o|zck`z"
"]ahzyo|kRCgm|a}ahzRYg`jay}RM{||k`zXk|}g"...
|
sub_4015C0(452d):
ADVAPI32.RegCreateKeyExA
ADVAPI32.RegSetValueExA
KERNEL32.GetVersion
ADVAPI32.RegCloseKey
"+vyfu C"
"PzL‚P4"
"#7CX|"
|
sub_4022D1(462b):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetModuleHandleA
KERNEL32.GetProcAddress
KERNEL32.IsDebuggerPresent
"ntdll.dll"
"RtlInitUnicodeString"
"NtUnmapViewOfSection"
"NtMapViewOfSection"
"RtlNtStatusToDosError"
|
sub_406B40(4824):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCurrentThreadId
KERNEL32.GetCurrentProcessId
USER32.GetWindowTextA
KERNEL32.GetVersion
KERNEL32.IsDebuggerPresent
KERNEL32.GetProcessHeap
"M ‚€J"
|
sub_40352B(4c75):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCurrentThreadId
KERNEL32.GlobalAddAtomA
|
sub_405600(4e99):
KERNEL32.GetTickCount
KERNEL32.lstrlenA
KERNEL32.LocalAlloc
"8x6d"
"Lw%$"
"‚Ô‚Ä‚Ä"
|
sub_408C98(5094):
KERNEL32.GetCurrentThreadId
USER32.ShowWindow
USER32.GetWindowRect
USER32.CreateWindowExA
KERNEL32.GetCurrentProcessId
KERNEL32.GetTickCount
GDI32.CreateFontA
USER32.SendMessageA
KERNEL32.GetProcessHeap
NTDLL.RtlGetLastWin32Error
USER32.GetWindowLongA
USER32.SetWindowLongA
USER32.SetFocus
KERNEL32.GetVersion
"´Ÿ“¿’š•“„"
"µˆ€œŸ‚•‚"
"KKQHOOK"
"£¤±¤¹³"
"£¤±¤¹³"
"³¿½²¿²¿¨"
"³¿½²¿²¿¨"
"*5pApG&"
"ÕÞÂ…"
"ÂÀÕÞÂ…"
"£¤±¤¹³"
"©Ÿ…‚Г‘‚”О…’•‚"
"£¤±¤¹³"
"£¤±¤¹³"
"±¤½Ð ¹¾Ý³Ÿ”•"
"£¤±¤¹³"
"¥ž‘’œ•Ð„ŸÐ‘…„˜Ÿ‚™Š•Þб¤½Ð ¹¾Ý³Ÿ”•Ð™ƒÐ‚•"...
"£¤±¤¹³"
" œ•‘ƒ•Ð‘›•Ð“Ÿ‚‚•“„™ŸžƒÐ‘ž”Є‚‰Ð‘—‘™žÞ"
"µ´¹¤"
"µ´¹¤"
"²¥¤¤¿¾"
"³œ™“›Ð¿ž“•Ð¤ŸÐ³Ÿž„™ž…•"
"6#,K"
"RJHGHl6"
|
sub_4014AA(514b):
KERNEL32.GetCurrentProcessId
ADVAPI32.RegOpenKeyExA
KERNEL32.GetProcessHeap
ADVAPI32.RegQueryValueExA
ADVAPI32.RegCloseKey
|
sub_40479E(5acd):
KERNEL32.GetCurrentThreadId
KERNEL32.GetCurrentProcessId
KERNEL32.GetTickCount
" musR"
"ƒ†Œ"
"‰ß‰Ï"
"Œ†ƒ"
"ÚÍÞŒ‰Ï‰Ï‰ÏŒ‘Œ‰Ù—"
"ƒƒ‰Ï‰Ï‰Ï¡¦"
"¡¦"
|
sub_401DE8(5b2b):
KERNEL32.GetProcessHeap
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.IsDebuggerPresent
NTDLL.RtlGetLastWin32Error
KERNEL32.GetVersion
KERNEL32.GetTickCount
|
sub_4046BD(5eda):
KERNEL32.GetCurrentThreadId
KERNEL32.GetCurrentProcessId
"blind_user"
|
sub_408A61(637e):
"+vyfu C"
"#7CX|"
|
sub_40879D(6432):
KERNEL32.IsDebuggerPresent
KERNEL32.VirtualAlloc
KERNEL32.GetCurrentProcessId
|
sub_40ACD5(69d7):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetVersion
USER32.SetFocus
KERNEL32.IsDebuggerPresent
USER32.CallWindowProcA
KERNEL32.GetCurrentProcessId
"lwld%"
|
sub_40107A(6c44):
NTDLL.RtlUnwind
|
sub_405409(71e8):
KERNEL32.IsDebuggerPresent
KERNEL32.GetCurrentThreadId
KERNEL32.GetTickCount
WININET.FindFirstUrlCacheEntryA
KERNEL32.GetVersion
WININET.FindNextUrlCacheEntryA
"˜"
"‰"
|
sub_404DE3(795f):
KERNEL32.GetCurrentThreadId
NTDLL.RtlGetLastWin32Error
KERNEL32.GetTickCount
KERNEL32.IsDebuggerPresent
"Î’"
"Ù’"
"Å’"
"ƒÅ’"
"uW V"
"ƒÎ’"
"ƒÙ’"
"ƒÊÃÂØ’"
"ÏÉÂØÉÞ’"
"ƒÏÉÂØÉÞ’"
"¡¦"
|
sub_40ADF7(809a):
KERNEL32.GetCurrentThreadId
KERNEL32.GetTickCount
USER32.GetWindowRect
KERNEL32.GetCurrentProcessId
USER32.MoveWindow
USER32.PostQuitMessage
USER32.DestroyWindow
NTDLL.RtlGetLastWin32Error
GDI32.SetTextColor
GDI32.SetBkColor
GDI32.CreateBrushIndirect
USER32.GetWindowTextA
USER32.MessageBoxA
USER32.SetFocus
KERNEL32.IsDebuggerPresent
KERNEL32.GetVersion
KERNEL32.GetProcessHeap
KERNEL32.CreateFileA
KERNEL32.SetFilePointer
KERNEL32.WriteFile
KERNEL32.CloseHandle
USER32.ShowWindow
USER32.DefWindowProcA
"´Ÿ“¿’š•“„"
"µˆ€œŸ‚•‚"
"~ E- "
"ZmM&"
"Õƒ"
" œ•‘ƒ•ÜЃ•œ•“„еˆ€™‚‘„™ŸžÐ½Ÿž„˜"
"ÕƒÐÕƒ"
" œ•‘ƒ•ÜЃ•œ•“„еˆ€™‚‘„™ŸžÐ©•‘‚"
"ÕƒÝÕƒ"
"¥ž‘’œ•Ð„ŸÐ‘…„˜Ÿ‚™Š•ÐÝй¾³¿¢¢µ³¤Ð ¹¾ÞÐ œ"...
"¥ž‘’œ•Ð„ŸÐ‘…„˜Ÿ‚™Š•"
"ÕƒÐÕƒ"
"FnA@ :"
"<2Z !"
"C-FW"
|
sub_401AC1(841d):
KERNEL32.CreateFileA
KERNEL32.GetFileSize
KERNEL32.LocalAlloc
KERNEL32.IsDebuggerPresent
KERNEL32.ReadFile
KERNEL32.GetProcessHeap
KERNEL32.CloseHandle
NTDLL.RtlGetLastWin32Error
" |
sub_403BAD(8a68):
KERNEL32.GetCurrentThreadId
KERNEL32.GetCurrentProcessId
KERNEL32.CreateFileA
KERNEL32.WriteFile
KERNEL32.CloseHandle
KERNEL32.GetModuleFileNameA
KERNEL32.WinExec
"G8C: 5"
"BP~up"
"+}R+} kvk"
"C:\\WINDOWS\\system32"
"zS"
"."
"j# so‚V"
|
sub_40C0B4(8c45):
KERNEL32.GetCommandLineA
KERNEL32.GetModuleHandleA
|
sub_406A44(8cdf):
KERNEL32.GetCurrentProcessId
KERNEL32.IsDebuggerPresent
" + '<"
"{9BA05972-F6A8-11CF-A442-00A0C90A8F39}"
"ViFA"
|
sub_401719(8f25):
KERNEL32.IsDebuggerPresent
" xd9"
|
sub_404D49(9827):
"‰ß‰Ï"
"ÎÞ’"
|
sub_404A6B(9b1d):
"h&sL?2*"
"Œ"
|
sub_4042A4(9ea9):
KERNEL32.GetTickCount
KERNEL32.GetModuleFileNameA
KERNEL32.GetVersionExA
KERNEL32.GetCurrentThreadId
KERNEL32.GetSystemDirectoryA
KERNEL32.GetWindowsDirectoryA
KERNEL32.IsDebuggerPresent
KERNEL32.DeleteFileA
KERNEL32.CreateFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.WriteFile
KERNEL32.GetCurrentProcessId
KERNEL32.CloseHandle
KERNEL32.WinExec
"–ÀïËÀßÕ×ßÝÇÑÒÇ"
"–ÀïÐÞ×ÃÚÕ"
"ïÐÞ×ÖËÖ"
"–ÀïËÀßÕ×ߊËÑÒÇ"
"–ÀïÐÜÞÞÒÝ×ÃÚÕ"
"ïÐÜÞÞÒÝ×ÐÜÞ"
|
sub_403453(a06c):
KERNEL32.GetCurrentProcessId
KERNEL32.GetTickCount
"$'vp"
"y@j?"
|
sub_408886(a0ae):
"V& 2"
|
sub_401C5D(a290):
KERNEL32.GetVersion
KERNEL32.lstrlenA
KERNEL32.GetProcessHeap
" |
sub_4096E4(a79b):
KERNEL32.GetVersion
KERNEL32.GetTickCount
KERNEL32.GetProcessHeap
KERNEL32.GetCurrentThreadId
KERNEL32.IsDebuggerPresent
KERNEL32.GetCurrentProcessId
KERNEL32.DeleteFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.CreateFileA
KERNEL32.GetFileSize
KERNEL32.CloseHandle
KERNEL32.GetSystemDirectoryA
KERNEL32.GetWindowsDirectoryA
KERNEL32.WinExec
KERNEL32.LocalFree
" xeI?<"
"zMB%L "
" |
sub_407F91(a7b1):
KERNEL32.GetCurrentThreadId
NTDLL.RtlGetLastWin32Error
|
sub_404156(a847):
KERNEL32.IsDebuggerPresent
ADVAPI32.RegCreateKeyExA
KERNEL32.GetCurrentThreadId
ADVAPI32.RegSetValueExA
ADVAPI32.RegCloseKey
" Jdh1c"
|
sub_4036DA(a9bc):
KERNEL32.GetTickCount
KERNEL32.GetProcessHeap
"4D_w"
"mrie"
|
sub_404770(ac26):
KERNEL32.GetCurrentProcessId
"A k &s"
|
sub_402936(b1d3):
KERNEL32.GetProcessHeap
KERNEL32.GetTickCount
"@~?^"
"I&n-*w"
|
sub_406E3F(bf1a):
KERNEL32.GetVersion
KERNEL32.IsDebuggerPresent
NTDLL.RtlGetLastWin32Error
USER32.GetForegroundWindow
KERNEL32.GetTickCount
KERNEL32.GetCurrentProcessId
KERNEL32.GetCurrentThreadId
KERNEL32.GetProcessHeap
"value"
"name"
"TNa=J:4"
"iHO$|"
"E osJ"
" 0SFvu "
"r= O0P"
".;^LeIV"
" $iArA"
"P!-%\"<+A*#>!3I4RL"
"P*>-!)3I4A*#>!3I4RL"
"`?^HG"
"j €+ "
"`IS~"
"& y$`3"
"M#nk y"
"<747~P"
"-Umxi"
"LI4V"
"@mC@_6u"
"61"
" xfR"
"UkƒƒV"
"<ƒ^>ƒ"
|
sub_408043(c182):
NTDLL.RtlGetLastWin32Error
KERNEL32.GetCurrentThreadId
KERNEL32.CreateThread
KERNEL32.CloseHandle
|
sub_4069C8(d6d0):
KERNEL32.GetProcessHeap
"E`Sk "
|
sub_403D6F(dc5e):
KERNEL32.GetTickCount
KERNEL32.GetCurrentProcessId
KERNEL32.CreateFileA
"u+>:V+>:V#+>:V#+>:V#+>:V#+>:V+>:V+>:Vs"
";xF:7="
"x‚-QU"
"+}R+} jbb"
"C:\\WINDOWS\\system32"
"Jfjbnm32"
|
sub_40133E(dcae):
KERNEL32.IsDebuggerPresent
KERNEL32.CreateFileA
KERNEL32.GetProcessHeap
KERNEL32.ReadFile
KERNEL32.GetCurrentProcessId
KERNEL32.CloseHandle
|
sub_4081B0(dcfc):
KERNEL32.GetCurrentProcessId
NTDLL.RtlGetLastWin32Error
KERNEL32.IsDebuggerPresent
KERNEL32.GetProcessHeap
KERNEL32.GetCurrentThreadId
KERNEL32.CreateFileA
KERNEL32.SetFilePointer
KERNEL32.WriteFile
KERNEL32.CloseHandle
"?8"
" |
sub_4085C0(dd39):
KERNEL32.GetVersion
KERNEL32.CreateFileA
NTDLL.RtlGetLastWin32Error
KERNEL32.WriteFile
KERNEL32.GetProcessHeap
KERNEL32.CloseHandle
KERNEL32.GetSystemDirectoryA
KERNEL32.IsDebuggerPresent
KERNEL32.DeleteFileA
KERNEL32.WinExec
"c:\\boot.sys"
"%CJ a/"
"MZ"
" < z"
"b4\x1B$*#i7.!"
|
sub_408BEF(e22c):
USER32.GetWindow
KERNEL32.GetProcessHeap
USER32.GetClassNameA
KERNEL32.GetCurrentThreadId
"=n`F8"
|
sub_4063A9(e595):
KERNEL32.GetVersion
KERNEL32.InterlockedIncrement
NTDLL.RtlGetLastWin32Error
KERNEL32.LocalFree
KERNEL32.GetTickCount
KERNEL32.ExpandEnvironmentStringsA
KERNEL32.GetCurrentProcessId
KERNEL32.IsDebuggerPresent
KERNEL32.CreateProcessA
KERNEL32.GetProcessHeap
KERNEL32.CloseHandle
USER32.FindWindowA
KERNEL32.Sleep
USER32.GetWindowTextA
KERNEL32.GetCurrentThreadId
KERNEL32.CopyFileA
KERNEL32.DeleteFileA
KERNEL32.lstrlenA
KERNEL32.TerminateProcess
"+GF "
"hV1xJ"
"6DJg"
"‚Ô‚Ò‡Š‡êÎÄÕÈÔÈÁÓ‡îÉÓÂÕÉÂÓ‡âß×ËÈÕÂÕ"
"îâáÕÆÊÂ"
"X-okRecv11"
"&X"
" |