sub_outside():
	KERNEL32.GetCurrentThreadId
	KERNEL32.GetSystemDirectoryA
	KERNEL32.SetCurrentDirectoryA

start(205d):
	KERNEL32.CreateMutexA
	WS2_32.WSAStartup
	KERNEL32.LoadLibraryA
	KERNEL32.ReleaseMutex
	KERNEL32.GetProcAddress
	ADVAPI32.RegOpenKeyExA
	ADVAPI32.RegQueryValueExA
	ADVAPI32.RegCloseKey
	KERNEL32.lstrcpy
	KERNEL32.lstrcat
	ADVAPI32.RegCreateKeyExA
	ADVAPI32.RegSetValueExA
	WS2_32.socket
	WS2_32.htons
	WS2_32.inet_addr
	WS2_32.connect
	KERNEL32.CreateProcessA

	"urlmon.dll"
	"URLDownloadToFileA"
	"WindowsSubVersion"
	"winsub.xml"
	"b="
	"c="
	"d="
	"|"
	"http://205.209.179.37/aff/cntr.php"
	"svcp.csv"
	"svcp.csv"
	"|"
	"w"
	"winsub.xml"
	"WindowsSubVersion"
	"!!"
	"_"
	"_"
	"64.233.185.114"
	"0"
	"1"
	"0"
	".exe"
	"_"
	"_"
	"1"
	"2"
	"3"
	"e="
	"&x="
	"y="
	"svcp.csv"
	"svcp.csv"

sub_401C28(4a97):
	KERNEL32.GetCommandLineA
	KERNEL32.GetModuleHandleA

sub_40107A(8af0):
	NTDLL.RtlUnwind