sub_outside():
	KERNEL32.GetModuleHandleA
	KERNEL32.DeleteFileA
	NTDLL.RtlGetLastWin32Error
	KERNEL32.ExitProcess
	KERNEL32.Sleep
	WININET.InternetGetConnectedState

sub_3143215E(09ff):
	MSVCRT.memset
	KERNEL32.CreateProcessA
	KERNEL32.CloseHandle

sub_31432C62(11f6):
	KERNEL32.DeleteFileA
	KERNEL32.GetSystemDirectoryA
	MSVCRT.rand
	KERNEL32.lstrcatA
	KERNEL32.CopyFileA
	KERNEL32.lstrlenA
	KERNEL32.CloseHandle
	KERNEL32.WinExec
	KERNEL32.Sleep
	KERNEL32.ExitProcess

	"Cryptographic	Service"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...

sub_31432AA2(12a2):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

sub_3143210D(1a20):
	KERNEL32.CreateThread
	KERNEL32.CloseHandle

sub_31432A14(2057):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegDeleteValueA
	ADVAPI32.RegCloseKey

sub_314318EA(23eb):
	ADVAPI32.CryptAcquireContextA
	ADVAPI32.CryptImportKey

sub_31431939(2986):
	ADVAPI32.CryptDestroyKey
	ADVAPI32.CryptReleaseContext

sub_31432239(3338):
	WS2_32.recv
	MSVCRT.strstr
	WS2_32.send
	USER32.wsprintfA
	MSVCRT.strlen
	KERNEL32.Sleep
	KERNEL32.InterlockedIncrement
	WS2_32.shutdown
	WS2_32.closesocket
	KERNEL32.ExitThread

	"GET"
	"HTTP/1.1 200 OK\r\nContent-Type: applicat"...
	"Content-Length: %u\r\n\r\n"
	"HTTP/1.1 200 OK\r\n\r\n\r\n"

sub_314320F3(336c):
	KERNEL32.CreateThread

sub_31432E6C(3cd5):
	KERNEL32.VirtualAlloc

sub_3143278A(4556):
	MSVCRT.rand
	KERNEL32.InterlockedIncrement
	KERNEL32.Sleep

sub_31431F23(4891):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.GetCurrentProcess

	"advapi32"
	"OpenProcessToken"
	"LookupPrivilegeValueA"
	"AdjustTokenPrivileges"
	"SeDebugPrivilege"

sub_31431313(48f8):
	MSVCRT.strchr

	"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
	"abcdefghijklmnopqrstuvwxyz"

sub_31432728(4c74):
	MSVCRT.rand
	KERNEL32.Sleep

sub_3143237F(52a4):
	KERNEL32.CreateFileA
	KERNEL32.ExitThread
	KERNEL32.GetFileSize
	KERNEL32.ReadFile
	KERNEL32.CloseHandle
	WS2_32.socket
	MSVCRT.memset
	MSVCRT.rand
	WS2_32.ntohs
	WS2_32.bind
	WS2_32.listen
	WS2_32.accept

	"Cryptographic	Service"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...

sub_314311A0(531a):
	WININET.InternetOpenA
	KERNEL32.GetSystemDirectoryA
	KERNEL32.lstrcatA
	KERNEL32.lstrlenA
	KERNEL32.CreateFileA
	WININET.InternetOpenUrlA
	KERNEL32.CloseHandle
	WININET.InternetReadFile
	KERNEL32.WriteFile

	"Mozilla/4.0 (compatible; MSIE	6.0; Wind"...

sub_31431955(7512):
	ADVAPI32.CryptCreateHash
	ADVAPI32.CryptHashData
	ADVAPI32.CryptVerifySignatureA
	ADVAPI32.CryptDestroyHash

sub_31432BAD(7561):
	"Windows	Security Manager"
	"Disk Defragmenter"
	"System Restore Service"
	"Bot Loader"
	"WinUpdate"
	"Windows	Update Service"
	"avserve.exe"
	"avserve2.exeUpdate Service"
	"MS	Config v13"
	"Windows Update"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...

sub_31432A49(75ba):
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey

sub_3143141F(7c7c):
	MSVCRT.strstr
	KERNEL32.lstrlenA
	MSVCRT.strchr
	MSVCRT.atoi
	USER32.wsprintfA
	KERNEL32.InterlockedExchange

	"zer0"
	"zer1"
	"Software\\Microsoft\\Wireless"
	"%d"

sub_31431FAB(7e12):
	KERNEL32.GetModuleHandleA
	KERNEL32.GetProcAddress
	USER32.FindWindowA
	USER32.GetForegroundWindow
	USER32.GetWindowThreadProcessId
	KERNEL32.OpenProcess
	KERNEL32.WriteProcessMemory
	KERNEL32.CloseHandle

	"kernel32"
	"VirtualAllocEx"
	"CreateRemoteThread"
	"uterm19-2"

sub_314321F3(81da):
	WININET.InternetGetConnectedState

sub_31432559(82c5):
	KERNEL32.WaitForSingleObject

sub_31432223(85d4):
	MSVCRT.rand

sub_31432AF5(87a6):
	KERNEL32.lstrlenA
	KERNEL32.CreateToolhelp32Snapshot
	MSVCRT.memset
	KERNEL32.Process32First
	MSVCRT.strstr
	KERNEL32.OpenProcess
	KERNEL32.TerminateProcess
	KERNEL32.Process32Next

sub_3143256D(99a0):
	KERNEL32.CreateEventA
	KERNEL32.LoadLibraryA
	ADVAPI32.AbortSystemShutdownA
	KERNEL32.Sleep

	"u10x"
	"u11x"
	"u12x"
	"u13x"
	"u14x"
	"u15x"
	"u16x"
	"u17x"
	"u18x"
	"u19x"
	"u8"
	"u9"
	"u10"
	"u11"
	"u12"
	"u13"
	"u13i"
	"u14"
	"u15"
	"u16"
	"u17"
	"u18"
	"u19"
	"u20"
	"u20x"
	"ws2_32"
	"wininet"
	"msvcrt"
	"advapi32"
	"user32"
	"uterm20"

sub_31432D2E(99c3):
	KERNEL32.GetModuleFileNameA
	MSVCRT.rand
	KERNEL32.lstrlenA
	KERNEL32.lstrcpyA
	KERNEL32.lstrcmpiA

	"Software\\Microsoft\\Wireless"
	"ID"
	"fgnsdrjyrsert"
	"ID"
	"Cryptographic	Service"
	"SOFTWARE\\Microsoft\\Windows\\CurrentVersi"...
	"1"
	"Client"
	"Client"

sub_314328D7(a67f):
	WS2_32.inet_ntoa
	KERNEL32.lstrcpyA
	USER32.wsprintfA
	KERNEL32.lstrlenA

	"http://%s:%d/x.exe"

sub_31432E80(a71a):
	KERNEL32.VirtualFree

sub_314320E4(a71a):
	KERNEL32.CreateMutexA

sub_314319BC(abb0):
	WS2_32.socket
	WS2_32.inet_ntoa
	KERNEL32.lstrcpynA
	USER32.wsprintfA
	MSVCRT.memcpy
	MSVCRT.strlen
	MSVCRT.memset
	WS2_32.ntohs
	WS2_32.connect
	KERNEL32.Sleep
	WS2_32.send
	WS2_32.recv
	KERNEL32.lstrlenA
	WS2_32.shutdown
	WS2_32.closesocket

sub_31431782(b40f):
	KERNEL32.GetLocaleInfoA
	USER32.wsprintfA
	WININET.InternetOpenA
	WININET.InternetOpenUrlA
	WININET.InternetReadFile
	WININET.InternetCloseHandle

	"http://%s/index.php?id=%s&scn=%d&inf=%d"...
	"http://%s"
	"Mozilla/4.0 (compatible; MSIE	6.0; Wind"...

sub_314321B4(b95f):
	WS2_32.gethostname
	WS2_32.WSAGetLastError
	WS2_32.gethostbyname

sub_314320B6(bc62):
	KERNEL32.GetTickCount
	MSVCRT.srand

sub_31432209(c55d):
	KERNEL32.OpenEventA
	KERNEL32.SetEvent

sub_3143212E(e56c):
	MSVCRT.rand

sub_314324C3(e965):
	WS2_32.WSAStartup

sub_31432810(ebcf):
	MSVCRT.rand
	KERNEL32.InterlockedIncrement
	KERNEL32.Sleep
	KERNEL32.ExitThread

sub_3143185D(f36a):
	KERNEL32.InterlockedExchange
	MSVCRT.rand
	KERNEL32.Sleep