sub_40120B(2b3a):
	WININET.FindFirstUrlCacheEntryA
	KERNEL32.GlobalAlloc
	KERNEL32.GlobalLock
	WININET.DeleteUrlCacheEntryA
	KERNEL32.GlobalUnlock
	KERNEL32.GlobalFree
	WININET.FindNextUrlCacheEntryA

sub_40150E(5237):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey

	" "
	"SOFTWARE\\Policies\\Microsoft\\Windows NT\\"...
	" "
	" "

sub_4012DD(5817):
	KERNEL32.GetSystemTimeAsFileTime
	USER32.wsprintfA
	KERNEL32.GetTempPathA
	KERNEL32.lstrcatA
	KERNEL32.Sleep
	KERNEL32.CreateFileA
	KERNEL32.GetFileSize
	KERNEL32.ReadFile
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	KERNEL32.DeleteFileA
	KERNEL32.GetStartupInfoA
	KERNEL32.CreateProcessA

	"%lu.exe"
	"1646169094.exe"
	"1646169094.exe"
	"%lu.exe"
	"1646169094.exe"
	"1646169094.exe"
	"1C97AE360A5D87A"
	"http://jebo.name/cd/un2.php?id=1C97AE36"...
	"http://jebo.name/cd/un2.php?id=1C97AE36"...

start(6791):
	KERNEL32.GetSystemDirectoryA
	KERNEL32.lstrcatA
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	USER32.wsprintfA
	KERNEL32.WinExec
	KERNEL32.GetTempPathA
	KERNEL32.ExitProcess

	"C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
	"\\hsjefi8wunkmdf.dll"
	"C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
	"C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
	"C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
	"Regsvr32.exe /s %s"
	"\"C:\\m_unpacker\\packed.exe\""
	"\"C:\\m_unpacker\\packed.exe\""
	"C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
	"winlogun.exe"
	"C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
	"C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
	"C:\\DOCUME~1\\cyberta\\LOCALS~1\\Temp\\winlo"...
	"http://jebo.name/cd/un2.php?id=%s&ver=v"...
	"explorer.exe"

sub_401127(babb):
	KERNEL32.GetModuleFileNameA
	KERNEL32.lstrcpyA
	KERNEL32.lstrcatA
	KERNEL32.CreateFileA
	KERNEL32.lstrlenA
	KERNEL32.WriteFile
	KERNEL32.CloseHandle
	USER32.wsprintfA
	KERNEL32.ExitProcess

	"C:\\m_unpacker\\p2hhr.bat"
	"C:\\m_unpacker\\p2hhr.bat"
	"C:\\m_unpacker\\packed.exe"
	"C:\\m_unpacker\\p2hhr.bat"
	"p2hhr.bat"
	"C:\\m_unpacker\\p2hhr.bat"
	"C:\\m_unpacker\\p2hhr.bat"
	":lsh2\r\ndel %1\r\nif	exist %1 goto lsh2\r\nd"...
	":lsh2\r\ndel %1\r\nif	exist %1 goto lsh2\r\nd"...
	"C:\\m_unpacker\\packed.exe"
	"\"C:\\m_unpacker\\packed.exe\""
	"\"C:\\m_unpacker\\packed.exe\""
	"C:\\m_unpacker\\p2hhr.bat"
	"open"

sub_401565(c1b2):
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegQueryValueExA
	KERNEL32.GetSystemTimeAsFileTime
	USER32.wsprintfA
	KERNEL32.lstrlenA
	ADVAPI32.RegSetValueExA
	ADVAPI32.RegCloseKey
	KERNEL32.lstrcpyA

	" "
	"Software\\Microsoft\\Windows\\CurrentVersi"...
	"1C97AE360A5D87A"
	"WINID"
	" "
	"%lX%lX"
	"1C97AE360A5D87A"
	"1C97AE360A5D87A"
	"1C97AE360A5D87A"
	"WINID"
	" "
	" "
	"1C97AE360A5D87A"
	"ERROR"
	"1C97AE360A5D87A"