sub_outside(): KERNEL32.GetCurrentProcessId NTDLL.RtlGetLastWin32Error KERNEL32.GetProcessHeap KERNEL32.GetTickCount KERNEL32.IsDebuggerPresent KERNEL32.GetVersion KERNEL32.GlobalFindAtomA KERNEL32.GetCurrentThreadId KERNEL32.GlobalDeleteAtom |
sub_406E2B(0136): KERNEL32.GetVersion KERNEL32.GetProcessHeap USER32.GetForegroundWindow KERNEL32.IsDebuggerPresent KERNEL32.GetTickCount NTDLL.RtlGetLastWin32Error KERNEL32.GetCurrentThreadId KERNEL32.GetCurrentProcessId "value" "name" "op*" "AcBLs" "J$xE+?" "9EB#" "^85/4=|" " w*UN@" "Ѡȵ" "ѫȵȵ" ";AKuX" "" " E~^W" "u;D " "==" "T6Rr" ",F`>a" "MI ~j" "SAg0" "ȵ" "" "" "S ht|" "Ê" "ÊÌ" "W ^" "d:x`n" |
sub_4028A6(0275): KERNEL32.GetCurrentThreadId NTDLL.RtlGetLastWin32Error KERNEL32.GetVersion KERNEL32.IsDebuggerPresent KERNEL32.GetTickCount |
sub_40A766(03fc): KERNEL32.IsDebuggerPresent NTDLL.RtlGetLastWin32Error KERNEL32.GetSystemDirectoryA KERNEL32.CreateFileA KERNEL32.CloseHandle KERNEL32.GlobalAddAtomA KERNEL32.GetVersion KERNEL32.GetVersionExA KERNEL32.GetTickCount KERNEL32.GetModuleFileNameA KERNEL32.GetCurrentThreadId KERNEL32.CopyFileA KERNEL32.WinExec KERNEL32.ExitProcess KERNEL32.GetWindowsDirectoryA USER32.LoadCursorA USER32.LoadIconA GDI32.GetStockObject USER32.RegisterClassA KERNEL32.GetCurrentProcessId USER32.CreateWindowExA KERNEL32.CreateMutexA KERNEL32.GetModuleHandleA KERNEL32.GetProcAddress KERNEL32.CreateThread USER32.SetTimer USER32.TranslateMessage USER32.DispatchMessageA USER32.GetMessageA "qk " "" "C:\\WINDOWS\\System32" "3hAy" "KKQHOOK" "Software\\Microsoft\\Windows" "<8B=tf" "_r&nx" "C:\\WINDOWS\\System32" "KKQHOOK" "Software\\Microsoft\\Windows" "kkq32.dll" "C:\\WINDOWS\\System32" "dnkkq.dll" "C:\\WINDOWS\\System32" "datkkq32.dll" "C:\\WINDOWS\\System32" "KKQHOOK" "KKQHOOK" "KKQHOOK" "KKQHOOK_28" "" "|vCXS" " w bqy " "W!aS@" "l:K VM~" "Sc g" "3Sd_" "^+k!~T" |
sub_40494F(078e): "PMAAL" |
sub_4024C1(07e2): KERNEL32.GetTickCount KERNEL32.GetCurrentProcessId |
sub_401D14(0c98): KERNEL32.GetTickCount KERNEL32.GetVersion NTDLL.RtlGetLastWin32Error KERNEL32.GetCurrentThreadId KERNEL32.GetCurrentProcessId "l2r-6;." "F 5 0z" |
sub_4040AA(0e15): KERNEL32.IsDebuggerPresent ADVAPI32.RegSetValueExA KERNEL32.GetProcessHeap ADVAPI32.RegCloseKey |
sub_4053A1(0f85): KERNEL32.GetVersion KERNEL32.GetProcessHeap WININET.FindFirstUrlCacheEntryA KERNEL32.GetTickCount NTDLL.RtlGetLastWin32Error KERNEL32.GetCurrentProcessId WININET.FindNextUrlCacheEntryA KERNEL32.GetCurrentThreadId "W _07ye" |
sub_404878(14fd): KERNEL32.GetVersion "af" |
sub_4085D0(1db6): KERNEL32.GetProcessHeap KERNEL32.GetVersion KERNEL32.CreateFileA KERNEL32.WriteFile KERNEL32.GetCurrentProcessId KERNEL32.CloseHandle KERNEL32.GetSystemDirectoryA KERNEL32.IsDebuggerPresent KERNEL32.DeleteFileA KERNEL32.WinExec KERNEL32.GetTickCount "c:\\boot.sys" "渡" |
sub_404194(1f68): KERNEL32.GetModuleFileNameA KERNEL32.GetVersionExA KERNEL32.GetSystemDirectoryA KERNEL32.GetProcessHeap KERNEL32.GetWindowsDirectoryA KERNEL32.GetTickCount KERNEL32.GetVersion KERNEL32.DeleteFileA KERNEL32.CreateFileA KERNEL32.GetCurrentThreadId KERNEL32.WriteFile KERNEL32.CloseHandle KERNEL32.WinExec "%&nb.ya" " $~@p" " p" " vK%;" "ݠޓˍٍލ"... "ލ" |
sub_4036F2(239f): KERNEL32.IsDebuggerPresent KERNEL32.GetCurrentProcessId KERNEL32.GlobalAddAtomA |
sub_408BE4(35e3): KERNEL32.GetTempPathA KERNEL32.CreateFileA KERNEL32.SetFilePointer KERNEL32.WriteFile KERNEL32.CloseHandle KERNEL32.ExpandEnvironmentStringsA KERNEL32.CreateProcessA KERNEL32.TerminateProcess KERNEL32.DeleteFileA ".htm" " |