sub_outside():
	USER32.wsprintfA
	KERNEL32.GetCurrentProcess
	KERNEL32.TerminateProcess

sub_401189(0106):
	USER32.GetCursorPos
	KERNEL32.GetSystemTimeAsFileTime
	KERNEL32.GetTickCount
	KERNEL32.lstrcpyA

sub_401247(0ee2):
	KERNEL32.GetModuleFileNameA
	KERNEL32.SetFileAttributesA
	KERNEL32.GetFileAttributesA
	KERNEL32.GetTempPathA
	KERNEL32.lstrcpyA
	KERNEL32.lstrcatA
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	KERNEL32.CreateProcessA

	"removalfile.bat"
	"@echo	off\r\n:df\r\ndel %1\r\nif exist %1 got"...
	" \""
	"\""

sub_401000(3a7e):
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.CloseHandle

sub_4013A9(3cd5):
	KERNEL32.VirtualAlloc

sub_4013D6(4b68):
	KERNEL32.GetVersionExA
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.GetCurrentProcess
	KERNEL32.lstrcpyA
	NTDLL.RtlSetLastWin32Error
	NTDLL.RtlGetLastWin32Error
	KERNEL32.CloseHandle
	KERNEL32.FreeLibrary

	"advapi32.dll"
	"AllocateAndInitializeSid"
	"OpenProcessToken"
	"GetTokenInformation"
	"EqualSid"
	"FreeSid"

sub_40166D(78d9):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.FreeLibrary

	"dll"

sub_401059(926c):
	KERNEL32.lstrlenA
	KERNEL32.GetModuleFileNameA
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle
	KERNEL32.SetFilePointer
	KERNEL32.ReadFile
	KERNEL32.WriteFile

	"azxcdsweq"

sub_4013BD(c70c):
	KERNEL32.VirtualFree

sub_4015B3(e9ba):
	KERNEL32.GetSystemDirectoryA
	KERNEL32.lstrcatA
	KERNEL32.GetTempPathA
	KERNEL32.SetFileAttributesA
	KERNEL32.GetModuleHandleA
	KERNEL32.FindResourceA
	KERNEL32.LoadResource
	KERNEL32.SetHandleCount
	KERNEL32.SizeofResource

	"\\"
	"BIN"