Members "... " Your PASSWORD is: " " Members Area URL: <a href=\"" "\">" "</a> To access use your usual co"... "-" "-" "-" "-" </pre></td></tr><tr id="sub_6001DEB"><td><pre><a name="sub_6001DEB"></a><a href="b610b3e5ba1c41f946788468decc800b_unpacked.asm.html#sub_6001DEB">sub_6001DEB</a>(d82f): KERNEL32.CreateProcessA KERNEL32.WaitForSingleObject KERNEL32.CloseHandle </pre></td></tr><tr id="sub_60028FB"><td><pre><a name="sub_60028FB"></a><a href="b610b3e5ba1c41f946788468decc800b_unpacked.asm.html#sub_60028FB">sub_60028FB</a>(e0fe): "UserInit" "UserInit" </pre></td></tr></table><script> document.getElementById(window.location.href.split('#')[1]).setAttribute("style", "background-color:#ddddff"); </script> </html>

sub_6001D3D(150d):
	KERNEL32.VirtualAlloc

sub_600256F(17a2):
	KERNEL32.Sleep

sub_600183B(18b5):
	"VTimeTimestamp"

sub_60015F4(34a5):
	KERNEL32.CreateEventA
	KERNEL32.CloseHandle
	KERNEL32.WaitForSingleObject

sub_6002ACC(3513):
	"Settings"
	"DialPrefix"

sub_60017D0(4d78):
	"Software\\Microsoft\\Windows\\CurrentVersi"...

sub_6002B9A(7a48):
	"System\\CurrentControlSet\\Services\\Class"...
	"System\\CurrentControlSet\\Services\\Class"...
	"System\\CurrentControlSet\\Control\\Class\\"...
	"System\\CurrentControlSet\\Control\\Class\\"...

sub_6002C32(7b11):
	KERNEL32.GetSystemTime

sub_6001946(7e96):
	"RTimestamp"
	"RTimestamp"

sub_60029B0(830a):
	"System\\CurrentControlSet\\Services\\Class"...
	"System\\CurrentControlSet\\Services\\Class"...
	"System\\CurrentControlSet\\Control\\Class\\"...
	"System\\CurrentControlSet\\Control\\Class\\"...

sub_6001FD5(9600):
	"	HTTP/1.1\r\nHost: "
	"\r\nUser-Agent: r\r\nConnection: close\r\n\r\n"

sub_600231F(98dd):
	"modem"

sub_6001675(a25b):
	"Applications\\iexplore.exe\\shell\\open\\co"...
	"c:\\progra~1\\intern~1\\iexplore.exe %1"

sub_60018DF(a671):
	"VTimeTimestamp"

sub_6001D0B(b7da):
	KERNEL32.GetTempPathA
	KERNEL32.GetWindowsDirectoryA

sub_6001D55(c7e0):
	KERNEL32.CreateFileA
	KERNEL32.WriteFile
	KERNEL32.CloseHandle

sub_6002681(cf85):
	KERNEL32.Sleep

	"modem"

sub_6002CEB(d445):
	KERNEL32.LoadLibraryA
	KERNEL32.GetProcAddress

	"ś1"

start(d46b):
	KERNEL32.VirtualLock
	KERNEL32.CreateMutexA
	KERNEL32.ExitProcess
	KERNEL32.Sleep
	KERNEL32.DeleteFileA

	"DIALER"
	"\\h91746.exe"
	"\\h91746.exe"
	"javascript:'Members "...
	"</b><br>Your PASSWORD	is: <b>"
	"</b><br>Members Area URL: <a href=\""
	"\">"
	"</a><br><br>To access	use your usual co"...
	"-"
	"-"
	"-"
	"-"
</font></pre></td></tr><tr id="sub_6001DEB"><td><pre><a name="sub_6001DEB"></a><a href="b610b3e5ba1c41f946788468decc800b_unpacked.asm.html#sub_6001DEB"><font size=+2>sub_6001DEB</a>(d82f)</font>:<font color=darkgreen>
	KERNEL32.CreateProcessA
	KERNEL32.WaitForSingleObject
	KERNEL32.CloseHandle</font>
<font color=brown></font></pre></td></tr><tr id="sub_60028FB"><td><pre><a name="sub_60028FB"></a><a href="b610b3e5ba1c41f946788468decc800b_unpacked.asm.html#sub_60028FB"><font size=+2>sub_60028FB</a>(e0fe)</font>:<font color=brown>
	"UserInit"
	"UserInit"
</font></pre></td></tr></table><script>
document.getElementById(window.location.href.split('#')[1]).setAttribute("style", "background-color:#ddddff");
</script>
</html>