sub_401044(0b99):
	KERNEL32.lstrlen

	"http://85.114.140.107/~grander/RBvBm106"...

sub_401000(2cd1):
	"http://85.114.140.107/~grander/RBvBm106"...
	"8"
	"Dummy"
	"Software\\Microsoft\\Windows\\CurrentVersi"...

sub_401079(2f46):
	WS2_32.inet_ntoa
	USER32.wsprintfA
	WININET.InternetOpenUrlA
	KERNEL32.CreateFileA
	WININET.InternetReadFile
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	KERNEL32.DeleteFileA
	KERNEL32.GetCurrentDirectoryA
	KERNEL32.lstrcat
	KERNEL32.GetVersion
	WININET.InternetCloseHandle

	"http://85.114.140.107/~grander/RBvBm106"...
	"http"
	"%s://%s/~grander/%s"
	"http://85.114.140.107/~grander/RBvBm106"...
	"http://85.114.140.107/~grander/RBvBm106"...
	"SYSTEM\\CurrentControlSet\\Services\\Share"...
	"\\"
	"http://85.114.140.107/~grander/RBvBm106"...
	"Fbsgjner\\Zvpebfbsg\\Jvaqbjf\\PheeragIrefv"...

start(3170):
	KERNEL32.GetTempPathA
	KERNEL32.SetCurrentDirectoryA
	KERNEL32.FindFirstFileA
	KERNEL32.DeleteFileA
	KERNEL32.FindNextFileA
	KERNEL32.FindClose
	KERNEL32.GetVersion
	KERNEL32.lstrcpy
	KERNEL32.GetModuleFileNameA
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress
	KERNEL32.GetDriveTypeA
	KERNEL32.ExitProcess

	"http://85.114.140.107/~grander/RBvBm106"...
	"SYSTEM\\CurrentControlSet\\Services\\Share"...
	"SYSTEM\\CurrentControlSet\\Services\\Share"...
	"http://85.114.140.107/~grander/RBvBm106"...
	"JVAVARG.QYY"
	"VagreargBcraHeyN"
	"http://85.114.140.107/~grander/RBvBm106"...
	"VagreargErnqSvyr"
	"VagreargPybfrUnaqyr"
	"PSTO_RBvBm1066.exe"
	"B:\\"
	"http://85.114.140.107/~grander/RBvBm106"...
	"http://85.114.140.107/~grander/RBvBm106"...
	"http://85.114.140.107/~grander/RBvBm106"...

sub_4012C8(66cb):
	"http://85.114.140.107/~grander/RBvBm106"...

sub_4012FA(6db3):
	USER32.wsprintfA

	"%s:*:enabled:@shell32.dll,-1"
	"SYSTEM\\CurrentControlSet\\Services\\Share"...

sub_4011A4(b484):
	KERNEL32.Sleep
	KERNEL32.lstrlen
	KERNEL32.FindFirstFileA
	KERNEL32.lstrcpy
	KERNEL32.lstrcat
	KERNEL32.CreateFileA
	KERNEL32.CloseHandle
	KERNEL32.FindNextFileA
	KERNEL32.FindClose

	"http://85.114.140.107/~grander/RBvBm106"...
	"http://85.114.140.107/~grander/RBvBm106"...
	"http://85.114.140.107/~grander/RBvBm106"...
	"\\"
	"http://85.114.140.107/~grander/RBvBm106"...

sub_40102A(e11f):
	"Dummy"
	"Software\\Microsoft\\Windows\\CurrentVersi"...